The SQL RM switch modules allow CICS- and JES-initiated transactions to execute using different user credentials than those
specified within the xa_open string. This is called user impersonation. The credentials used instead are for:
- CICS - the user currently logged in
- JCL - the user specified in the job card
With user impersonation, the credentials specified in the open string for each XAR must be for an account that can impersonate
other users, but otherwise has minimal database privileges and access rights.
Note: For JCL, if no user ID is specified on the job card, the batch job will run with database user ID JESUSER. If the CICS transaction
is run without a CICS login, it will execute with database user ID CICSUSER.
- CICS processing
- For CICS processing, create a CICS user ID with the same name as the database user ID you want to impersonate. If you are
using internal Enterprise Server security, you can use the Enterprise Server Monitor and Control (ESMAC) feature to create
and administer CICS user IDs. If, however, you are using an external security manager, configure the user ID via LDAP. For
more information, see
Environment Variables used in Enterprise Server Security. For general details on CICS user IDs for Enterprise Server security, see
Enterprise Server Security.
- JES and CICS processing
- For both JES and CICS processing, be sure that the impersonated user IDs, which are the actual database user IDs used, have
sufficient database privileges to execute the code and access the underlying database tables.